Standards Australia is close to completing work on cyber security standards for solar inverters, representatives of the Department of Climate Change, Energy, the Environment and Water (DCCEEW) told senate estimates last week.
The project is designed to address the risk that inverters could provide an attack vector into energy networks.
Inverters (which convert the DC provided by rooftop solar panels) are increasingly connected to energy provider control networks over the internet, allowing providers to manage how much electricity distributed energy resources (DERs) push into the electricity network.
However, that exposure has led to concerns that poorly secured inverters, or systems subject to security vulnerabilities, could provide an attack vector.
DCCEEW’s Dr Martin Squire, head of the energy security and crisis response branch, told estimates last week that Standards Australia was briefed to look into inverter security after the department received budget in October 2022 for the security project.
Standards Australia is “currently in the process” of finalising a report for the department, Squire said, “and then we'll be in a position to move forward with a standards development proposal with Standards Australia in terms of additional cyber standards for rooftop inverters.”
DCCEEW secretary David Fredericks told estimates the department is “working with [the Australian Energy Market Operator] to see what options are available … to enhance technical options.
“And we have been working very closely with the Department of Home Affairs” because “the energy sector is a named critical piece of infrastructure," Fredericks added.
Squire also noted the Cyber Security Cooperative Research Centre (CRC) had provided a report in August into the possible cyber security risks inherent in solar inverters.
“The study … talks to the potential for misuse of rooftop inverters and the sorts of issues that that would create, particularly for the national electricity market, in terms of the incorrect signals that might be received by the [Australian] Energy Market Operator,” Squire said.
“We're in early-stage discussions with the Australian Energy Market Operator about a potential technical solution that could be applied in the event that there is a successful cyber attack on rooftop inverters to restore functionality and stability to the grid.”